WIP: Federating FreeIPA and Keycloak

2023-10-23 21:53:05 +01:00 · 2023-10-23 21:53:05 +01:00 · d89ba200ba
parent 630db7a880
commit d89ba200ba
1 changed files with 27 additions and 8 deletions
--- a/main.tf
+++ b/main.tf
@ -24,6 +24,10 @@ terraform {
      source = "rework-space-com/freeipa"
      version = "4.0.0"
    }
+#    ldap = {
+#      source  = "l-with/ldap"
+#      version = ">= 0.4"
+#    }
  }
  backend "kubernetes" {
    secret_suffix    = "tfstate"
@ -70,6 +74,14 @@ provider "freeipa" {
  insecure = true
 }

+#provider "ldap" {
+#  alias = "ldap_provisioner"
+#  host = "${helm_release.freeipa.name}.${var.domain_suffix}"
+#  bind_user = "admin"
+#  bind_password = "${var.freeipa_ds_password}"
+#  port = 389
+#}
+
 resource "helm_release" "keycloak" {
  name                       = "keycloak"
  namespace                  = var.keycloak_namespace
@ -569,15 +581,16 @@ resource "helm_release" "grafana" {
 resource "helm_release" "freeipa" {
  name = "freeipa"
  namespace = var.freeipa_namespace
-  repository = "https://improwised.github.io/charts/"
+  # repository = "https://improwised.github.io/charts/"
+  repository = "https://git.k8s.md1clv.im/api/packages/dan/helm"
  chart = "freeipa"
  create_namespace = true
  values = [
 <<EOT
 hostname: freeipa.${var.domain_suffix}
 args:
-  realm: MD1CLV.IM
-  domain: md1clv.im
+  realm: ${var.ldap.realm}
+  domain: ${var.ldap.domain}
  dspassword: ${var.freeipa_ds_password}
  adminpassword: ${var.freeipa_admin_password}
  nohostdns: true
@ -592,11 +605,6 @@ ingress:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  tls: true
-  extraPaths:
-  - path: /
-    backend:
-      service:
-        port: https
  backendProtocol: https
 service:
  annotations:
@ -606,6 +614,17 @@ EOT
  ]
 }

+#resource "ldap_entry" "bind_user" {
+#  provider = ldap.ldap_provisioner
+#  dn = "uid=system,cn=sysaccounts,cn=etc,${var.ldap.base_dn}"
+#  data_json = jsonencode({
+#    objectClass = ["account","simplesecurityobject"]
+#    uid         = [var.ldap.bind_user]
+#    userPassword= [var.ldap.bind_password]
+#  })
+#}
+
+
 # resource freeipa_user "freeipa_users" {
 #   first_name = var.keycloak_user.firstname
 #   last_name = var.keycloak_user.lastname